Application Security Engineer in St. Louis, MO at NextGen

Date Posted: 6/6/2019

Job Description

The incumbent performs functions to assess the vulnerability risk of the application code for the business systems owned by the Department Financial Management Service. The incumbent works under the supervision of the local St. Louis manager.

  • Under general supervision, ensures application security is consistent across numerous business lines by assisting project teams through assessments and internal penetration tests of the applications during the development phase.
  • Responsible for recognizing and identifying patterns and threats that could compromise application or data integrity, and for evaluating the architectural challenges and issues inherent in mitigating the risk of system compromise.

Primary duties and responsibilities:

  • Work with client personnel to enhance the Software Development Life Cycle (SDLC) by adding security to remove vulnerabilities and protect business logic. Establish a security program for the SDLC, capture the current application architecture, lead the overall application review process, identify application vulnerabilities, propose architectural changes, design, coordinate, and implement these changes at procedural and technological levels.
  • Develop and drive the standards, development processes, systems architecture, and design patterns to support Cloud Technologies (AWS & AZURE) and business solutions.
  • Perform detailed Quality Assurance (QA) review of web-based applications, identify and validate application vulnerabilities, and perform actual remediation at architectural and source code levels.
  • Security Risk Assessments: evaluate system security reports by collecting, analyzing, and summarizing data and trends.
  • Design and automate assessments through penetration testing and ethical hacking, then analyze security risks and recommend mitigating and compensating security controls.
  • Work closely with cross-functional teams to embed security, logging, and auditing into, and support, all applications hosted within the corporate and cloud environments.
  • Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation.
  • Collaborate across multiple development and business teams to drive cyber security initiatives throughout the organization.
  • Assist in evaluating, planning, configuring, and implementing new and existing application security tools.
  • Identify and recommend areas where existing policies and procedures require change, or where additional effort and/or information is required to mitigate key security risks.

  • Bachelor of Computer Information Systems, Business Administration or technology-related field, or equivalent work experience in Information or Application Security.
  • Minimum 5 years of experience in Information Security with an emphasis on application security.
  • Cloud experience (AWS, Azure, Google) is required.
  • Experience with tools such as Fortify, AppScan, WebInspect, Burp, and ZAP. At least one security-related certification, such as CISSP, GIAC, or OSCP, strongly preferred.
  • Experience designing, configuring, implementing, and leveraging cloud service models such as SaaS, PaaS, and IaaS for system security.
  • Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment.
  • Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits.
  • Solid understanding of cloud security architectures and services.
  • Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
  • Demonstrated proficiency in ethical hacking penetration testing techniques.
  • Knowledge of technical security control environments and compliance frameworks, including CSA, ISO 27001, and NIST.
  • Hands-on technical proficiency with Burp Suite, Metasploit, and Kali Linux highly preferred.
  • In-depth knowledge of web application architecture, API development, and MVC frameworks required.
  • Proven ability to manage priorities and deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects.
  • Experience in creating detailed solution design documents & diagrams.
  • Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, or Perl highly preferred.
  • Ability to analyze and assess complex technical plans (e.g. security compliance standards).
  • Extremely effective written and verbal communication skills.
  • Experience with common vulnerability publications and resources including: Common Vulnerability Scoring System (CVSS), National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE).

US Citizenship Required.